[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fD1JS-dD9VmKasXp49TcD9vwOu1CZ-nHOSIWbiDxNF0Y":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":132,"fingerprints":429},"booking-system-edoobox","Online Buchungssystem – edoobox","3.4.1","edoobox","https:\u002F\u002Fprofiles.wordpress.org\u002Fedoobox\u002F","\u003Cp>The Edoobox booking system simplifies the planning and advertising of courses and events with the online booking solutions.\u003C\u002Fp>\n\u003Ch4>Online Booking System\u003C\u002Fh4>\n\u003Cp>edoobox is the clever online booking system. Customers can book and pay for courses, seminars and events around the clock in real time.\u003C\u002Fp>\n\u003Ch4>Promotion-Campaigns\u003C\u002Fh4>\n\u003Cp>With edoobox you choose a well-rounded online booking system. Efficient management of your courses, seminars, events, congresses and symposia. Increase your success.\u003C\u002Fp>\n\u003Ch4>Integration into your website\u003C\u002Fh4>\n\u003Cp>Integrate the booking system into your website and adapt the design to your web presence. All offer pages are optimised for smartphones, tablets and PC.\u003C\u002Fp>\n\u003Ch4>Participant management\u003C\u002Fh4>\n\u003Cp>Your participants are your most valuable asset. All customer details and offers can easily be viewed and changed anywhere at any time.\u003C\u002Fp>\n\u003Ch4>Payment systems\u003C\u002Fh4>\n\u003Cp>Your participants pay online by credit card or bank transfer, edoobox itself does not charge a discount. From the many payment systems provided you can activate the desired system and\u002For activate the automatic invoice generation.\u003C\u002Fp>\n\u003Ch4>Real-time price control\u003C\u002Fh4>\n\u003Cp>The online presence\u002Fattendee list is always available in real time. For optimal communication, the provider is informed by e-mail in case of changes.\u003C\u002Fp>\n","Simplify event and course management with Edoobox, an intuitive online booking system.",200,16590,86,8,"2025-11-25T22:08:00.000Z","6.8.5","6.0","8.2",[20,21,22,23,24],"booking-software","course-administration","event-registration-system","online-booking-system","seminar-registration","https:\u002F\u002Fwww.edoobox.com\u002Fwordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbooking-system-edoobox.3.4.1.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,94,"2026-04-04T05:30:24.422Z",[38,62,81,97,113],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":35,"vuln_count":60,"unpatched_count":28,"last_vuln_date":61,"fetched_at":30},"beds24-online-booking","Beds24 Online Booking","2.0.30","markkinchin","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkkinchin\u002F","\u003Ch4>Powerful and Customisable Online Booking System\u003C\u002Fh4>\n\u003Cp>Beds24.com is a full featured online booking engine. The system is very flexible with many options for customization.\u003C\u002Fp>\n\u003Cp>The Beds24.com online booking system and channel manager is suitable for any type of accommodation such as hotels, motels, B&B’s, hostels, vacation rentals, holiday homes and campgrounds as well as selling extras like tickets or tours.\u003C\u002Fp>\n\u003Cp>The plugin is free to use but you do need an account with Beds24.com. A free trial account is available at http:\u002F\u002Fwww.beds24.com\u002Fjoin.html\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Real-time availability and commission free online bookings\u003C\u002Fli>\n\u003Cli>Customisable booking widgets\u003C\u002Fli>\n\u003Cli>Multiple rates and discounts\u003C\u002Fli>\n\u003Cli>Multi language booking page (30+languages)\u003C\u002Fli>\n\u003Cli>Online payments\u003C\u002Fli>\n\u003Cli>Optional channel manager\u003C\u002Fli>\n\u003Cli>Multi-language support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features for Property Managers, Hotel Groups and Agencies\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Agency seach box\u003C\u002Fli>\n\u003Cli>Subaccounts with access control\u003C\u002Fli>\n\u003C\u002Ful>\n","Accept commission free online bookings from your Wordpress website. Suitable for hotels, B&B's, holiday rentals, vacation rentals, apartments &hellip;",2000,98551,6,"2025-05-02T06:14:00.000Z","6.7.5","2.0.2","",[54,55,56,57,23],"booking-engine","booking-system","ibe","online-booking-engine","https:\u002F\u002Fbeds24.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbeds24-online-booking.zip",7,"2025-05-07 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":27,"downloaded":70,"rating":28,"num_ratings":28,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":52,"tags":74,"homepage":79,"download_link":80,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"greenrope-analytics","GreenRope Analytics","1.5.7","skozyk","https:\u002F\u002Fprofiles.wordpress.org\u002Fskozyk\u002F","\u003Ch4>GreenRope: CRM, Email Marketing, and more!\u003C\u002Fh4>\n\u003Cp>Now for WordPress!\u003C\u002Fp>\n\u003Cp>This plugin is designed to track your WordPress site visitors within your GreenRope account.\u003C\u002Fp>\n\u003Cp>Simply install and activate the GreenRope plugin on your WordPress site and enter your account number. Voila! The GreenRope tracking code will be dynamically inserted on every page of your WordPress website and the analytics will be available in your GreenRope account.\u003C\u002Fp>\n\u003Cp>GreenRope is a powerful, web-based application that allows business owners to consolidate their customer database, create marketing campaigns, send and track invoicing and thats just the beginning, all while being more efficient and effective than ever before. No matter what kind of small business you are running, we work hard to make your life easier through consolidation while still offering robust features. All your data is stored securely online allowing customers easy access to it from anywhere in the world. All that is needed is an internet connection.\u003C\u002Fp>\n\u003Cp>All of the features available are accessible from one screen, making this an easy-to-use, feature-packed solution for small business management.\u003C\u002Fp>\n\u003Ch4>To register for a free GreenRope trial account, click here: https:\u002F\u002Fwww.greenrope.com\u002Flivedemo\u003C\u002Fh4>\n","Enables you to add GreenRope analytics and tracking to every page of your WordPress site.",5485,"2026-01-27T20:25:00.000Z","6.9.4","3.0",[75,76,77,22,78],"analytics","crm","email-marketing","greenrope","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgreenrope-analytics\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgreenrope-analytics.1.5.7.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":27,"downloaded":89,"rating":27,"num_ratings":33,"last_updated":90,"tested_up_to":72,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":95,"download_link":96,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"mybooking-reservation-engine","MyBooking Reservation Engine","2.6.0","Juan","https:\u002F\u002Fprofiles.wordpress.org\u002Fjuanmiqueo\u002F","\u003Cp>Mybooking Reservation Engine WordPress plugin is designed for your vehicle, boats, properties or material rental.\u003Cbr \u002F>\nIt also can be used for accommodation, transfers or tour and activities business.\u003C\u002Fp>\n\u003Cp>It’s easy to use and very powerful. You can manage offers, promotion codes and connect a payment gateway to charge\u003Cbr \u002F>\nfor your reservations. You can insert a search widget on your home page to start the reservation process. You can\u003Cbr \u002F>\nalso include a calendar in each of your products pages.\u003C\u002Fp>\n\u003Cp>This plugin provides a booking engine frontend in your WordPress site connecting to your mybooking account.\u003C\u002Fp>\n\u003Cp>It is very easy to set up:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create your products and prices on your mybooking account.\u003C\u002Fli>\n\u003Cli>Install and configure the plugin on your WordPress website.\u003C\u002Fli>\n\u003Cli>Start receiving and charging reservations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It has three modules for different reservation needs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Renting\u002FAccommation\u003C\u002Fli>\n\u003Cli>Activities\u002FAppointments\u003C\u002Fli>\n\u003Cli>Transfer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The reservation engine includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Search widgets to start the reservation process\u003C\u002Fli>\n\u003Cli>Calendar shortcodes to add a calendar to your product page\u003C\u002Fli>\n\u003Cli>Language context adapted to the different business\u003C\u002Fli>\n\u003Cli>Prices by hours and days (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Prices by seasons (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Offers (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Promotion Code (defined on your mybooking accoount)\u003C\u002Fli>\n\u003Cli>Stop sales (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Min and max reservation duration (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Calendar to define delivery and collection times (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Payment gateway connection. Paypal, Redsys and Addon Payments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The reservation engine can be used for the following businesses:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Vehicles rental (car rental, autocaravanning, motorcycle, scooters, bike)\u003C\u002Fli>\n\u003Cli>Boats rental\u003C\u002Fli>\n\u003Cli>Properties rental\u003C\u002Fli>\n\u003Cli>Sports material rental (Kayak, surf, paddle surf)\u003C\u002Fli>\n\u003Cli>Accommodation (hostels and hotels)\u003C\u002Fli>\n\u003Cli>Sport courts\u003C\u002Fli>\n\u003Cli>Coworking\u003C\u002Fli>\n\u003Cli>Escape Rooms\u003C\u002Fli>\n\u003Cli>Activities\u003C\u002Fli>\n\u003Cli>Tours\u003C\u002Fli>\n\u003Cli>Appointments\u003C\u002Fli>\n\u003Cli>Transfers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Notes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin does not use iframes to build the reservation process. It works directly on your WordPress installation.\u003C\u002Fli>\n\u003Cli>It is ready to use in any theme. But you can customize the components to match your website look and feel\u003C\u002Fli>\n\u003C\u002Ful>\n","Mybooking Reservation Engine WordPress plugin.",10915,"2025-12-18T10:21:00.000Z","5.2","7.2",[54,55,94,57,23],"car-rental-reservation","https:\u002F\u002Fwww.mybooking.es\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmybooking-reservation-engine.2.6.0.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":27,"downloaded":105,"rating":28,"num_ratings":28,"last_updated":106,"tested_up_to":50,"requires_at_least":73,"requires_php":107,"tags":108,"homepage":111,"download_link":112,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"viking-bookings","Viking Bookings","1.0.5","vikingbookings","https:\u002F\u002Fprofiles.wordpress.org\u002Fvikingbookings\u002F","\u003Cp>Viking Bookings offers an online booking platform for water sport centers; kitesurf, windsurf, wavesurf and SUP schools; and other weather-dependant activity providers. This plugin creates a seamless integration of our booking forms, to increase your conversion rates and create a smooth customer experience.\u003Cbr \u002F>\nThe plugin allows you to embed the Viking Bookings widget on your website with minimal effort and customise its appearance and settings right from the WordPress admin. Functionally, you can assign any button on your website to open a layover booking form out of your Viking Bookings system.\u003C\u002Fp>\n","Easily embed booking forms from your Viking Bookings account on your WordPress site.",2999,"2025-08-13T13:39:00.000Z","5.6",[20,109,98,101,110],"viking","water-sports","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fviking-bookings\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fviking-bookings.1.0.5.zip",{"slug":114,"name":114,"version":115,"author":114,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":52,"tags":126,"homepage":129,"download_link":130,"security_score":131,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"bookingkit","1.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fbookingkit\u002F","\u003Cp>bookingkit is the smart, German engineered online booking solution for leisure time activity providers.\u003C\u002Fp>\n\u003Cp>You can setup your account on \u003Ca href=\"https:\u002F\u002Finfo.bookingkit.de\u002Fwordpress\" rel=\"nofollow ugc\">bookingkit.de\u003C\u002Fa> and create your events within a few minutes.\u003C\u002Fp>\n\u003Cp>=Why you should use bookingkit:=\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Make your services instantly bookable directly on your website. Sell more tickets through an easy-to-use booking solution for your customers to book and pay your events. All relevant payment-providers like PayPal are included.\u003C\u002Fli>\n\u003Cli>Smart interface for business and customer administration: Keep an overview of your reservations, your bookings, your customers and your income.\u003C\u002Fli>\n\u003Cli>Promote your services and acquire new clients: Advertise easily with marketing partners like TripAdvisor, GetYourGuide or CTS Eventim.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>=Requirements:=\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You need a bookingkit account to use this plugin. Plans start at 0 Euro per month and can be cancelled every month.\u003C\u002Fli>\n\u003C\u002Ful>\n","bookingkit allows you to easily make your events and tours bookable - instantly and directly on your website.",80,3789,98,9,"2016-10-27T15:07:00.000Z","4.6.30","4.0",[127,54,20,55,128],"booking","booking-tool","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbookingkit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbookingkit.1.0.zip",85,{"attackSurface":133,"codeSignals":237,"taintFlows":378,"riskAssessment":417,"analyzedAt":428},{"hooks":134,"ajaxHandlers":216,"restRoutes":233,"shortcodes":234,"cronEvents":235,"entryPointCount":236,"unprotectedCount":236},[135,141,147,150,153,157,160,163,166,172,176,179,184,189,192,194,196,200,203,208,212],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","admin_menu","addAdminMenu","includes\\Api\\SettingsApi.php",16,{"type":136,"name":142,"callback":143,"priority":144,"file":145,"line":146},"save_post","closure",10,"includes\\Base\\ActionHooks.php",24,{"type":136,"name":148,"callback":143,"file":145,"line":149},"init",29,{"type":136,"name":151,"callback":143,"file":145,"line":152},"shutdown",34,{"type":136,"name":154,"callback":155,"file":145,"line":156},"admin_init","setCacheTimeSetting",61,{"type":136,"name":154,"callback":158,"file":145,"line":159},"storeGoogleMapsApiKey",62,{"type":136,"name":154,"callback":161,"file":145,"line":162},"storeOptions",63,{"type":136,"name":154,"callback":164,"file":145,"line":165},"storeShortcodeTemplate",64,{"type":167,"name":168,"callback":169,"file":170,"line":171},"filter","body_class","add_data_attribute_to_body_class","includes\\Base\\BodyTag.php",14,{"type":136,"name":173,"callback":174,"priority":144,"file":170,"line":175},"wp_body_open","output_data_bs_attribute",15,{"type":136,"name":177,"callback":178,"priority":144,"file":170,"line":140},"wp_footer","output_data_bs_attribute_fallback",{"type":136,"name":180,"callback":181,"file":182,"line":183},"wp_head","startBuffering","includes\\Base\\DocumentHead.php",19,{"type":136,"name":185,"callback":186,"file":187,"line":188},"admin_enqueue_scripts","enqueueAdmin","includes\\Base\\Enqueue.php",18,{"type":136,"name":177,"callback":190,"file":187,"line":191},"enqueueGuest",20,{"type":136,"name":177,"callback":143,"priority":34,"file":193,"line":171},"includes\\Base\\GoogleTagManager.php",{"type":136,"name":148,"callback":143,"file":195,"line":140},"includes\\Base\\Rewrite.php",{"type":167,"name":197,"callback":198,"file":195,"line":199},"generate_rewrite_rules","setupRewriteRules",28,{"type":136,"name":154,"callback":201,"file":195,"line":202},"firstTimeSetupRewrites",33,{"type":167,"name":204,"callback":205,"file":206,"line":207},"pre_get_document_title","setDocumentTitle","includes\\Legacies\\EdooboxSystem.php",35,{"type":136,"name":148,"callback":209,"file":210,"line":211},"registerPages","includes\\Pages\\Admin.php",26,{"type":136,"name":213,"callback":214,"file":215,"line":191},"wp","boot","includes\\Pages\\Frontend.php",[217,221,224,227,230],{"action":218,"nopriv":219,"callback":143,"hasNonce":219,"hasCapCheck":219,"file":145,"line":220},"edo_ajax_flushcache_action",false,43,{"action":222,"nopriv":219,"callback":143,"hasNonce":219,"hasCapCheck":219,"file":145,"line":223},"edo_ajax_action",46,{"action":225,"nopriv":219,"callback":143,"hasNonce":219,"hasCapCheck":219,"file":145,"line":226},"remove-design-references",49,{"action":228,"nopriv":219,"callback":143,"hasNonce":219,"hasCapCheck":219,"file":145,"line":229},"store-design-references",52,{"action":231,"nopriv":219,"callback":143,"hasNonce":219,"hasCapCheck":219,"file":145,"line":232},"validate-api-credentials",55,[],[],[],5,{"dangerousFunctions":238,"sqlUsage":239,"outputEscaping":250,"fileOperations":236,"externalRequests":14,"nonceChecks":33,"capabilityChecks":28,"bundledLibraries":377},[],{"prepared":60,"raw":240,"locations":241},4,[242,245,248,249],{"file":243,"line":207,"context":244},"includes\\Api\\Callbacks\\AdminCallbacks.php","$wpdb->get_results() with variable interpolation",{"file":246,"line":199,"context":247},"includes\\Base\\Cache.php","$wpdb->query() with variable interpolation",{"file":246,"line":207,"context":247},{"file":246,"line":229,"context":247},{"escaped":251,"rawEcho":252,"locations":253},17,70,[254,257,258,260,262,265,268,269,271,273,274,275,277,279,280,281,283,285,287,289,290,292,294,296,298,299,301,302,303,304,305,306,308,310,311,313,315,316,317,319,321,323,325,327,329,331,332,333,335,336,338,341,343,345,347,349,352,354,355,356,357,360,361,363,365,367,369,371,373,375],{"file":170,"line":255,"context":256},41,"raw output",{"file":193,"line":175,"context":256},{"file":259,"line":122,"context":256},"includes\\Helpers\\Log.php",{"file":259,"line":261,"context":256},13,{"file":263,"line":264,"context":256},"includes\\Requests\\Helpers\\Request.php",47,{"file":266,"line":267,"context":256},"views\\components\\cmp.view-title.php",12,{"file":266,"line":183,"context":256},{"file":266,"line":270,"context":256},23,{"file":272,"line":267,"context":256},"views\\partials\\view.debug.php",{"file":272,"line":140,"context":256},{"file":272,"line":191,"context":256},{"file":272,"line":276,"context":256},22,{"file":278,"line":251,"context":256},"views\\view.caching.php",{"file":278,"line":202,"context":256},{"file":278,"line":152,"context":256},{"file":278,"line":282,"context":256},56,{"file":278,"line":284,"context":256},67,{"file":278,"line":286,"context":256},72,{"file":278,"line":288,"context":256},76,{"file":278,"line":119,"context":256},{"file":278,"line":291,"context":256},87,{"file":278,"line":293,"context":256},101,{"file":295,"line":140,"context":256},"views\\view.information.php",{"file":295,"line":297,"context":256},21,{"file":295,"line":276,"context":256},{"file":295,"line":300,"context":256},25,{"file":295,"line":211,"context":256},{"file":295,"line":149,"context":256},{"file":295,"line":34,"context":256},{"file":295,"line":202,"context":256},{"file":295,"line":152,"context":256},{"file":295,"line":307,"context":256},37,{"file":295,"line":309,"context":256},38,{"file":295,"line":255,"context":256},{"file":295,"line":312,"context":256},42,{"file":295,"line":314,"context":256},45,{"file":295,"line":223,"context":256},{"file":295,"line":226,"context":256},{"file":295,"line":318,"context":256},50,{"file":295,"line":320,"context":256},53,{"file":295,"line":322,"context":256},54,{"file":295,"line":324,"context":256},57,{"file":295,"line":326,"context":256},58,{"file":295,"line":328,"context":256},66,{"file":295,"line":330,"context":256},71,{"file":295,"line":286,"context":256},{"file":295,"line":288,"context":256},{"file":295,"line":334,"context":256},77,{"file":295,"line":13,"context":256},{"file":295,"line":337,"context":256},92,{"file":339,"line":340,"context":256},"views\\view.maps.google.php",27,{"file":342,"line":232,"context":256},"views\\view.options.php",{"file":342,"line":344,"context":256},74,{"file":342,"line":346,"context":256},91,{"file":342,"line":348,"context":256},210,{"file":350,"line":351,"context":256},"views\\view.page-indexing.php",59,{"file":350,"line":353,"context":256},65,{"file":350,"line":328,"context":256},{"file":350,"line":252,"context":256},{"file":350,"line":13,"context":256},{"file":358,"line":359,"context":256},"views\\view.shortcode-pro.php",40,{"file":358,"line":255,"context":256},{"file":358,"line":362,"context":256},147,{"file":358,"line":364,"context":256},170,{"file":358,"line":366,"context":256},193,{"file":358,"line":368,"context":256},202,{"file":358,"line":370,"context":256},205,{"file":358,"line":372,"context":256},208,{"file":358,"line":374,"context":256},212,{"file":358,"line":376,"context":256},213,[],[379,397,407],{"entryPoint":380,"graph":381,"unsanitizedCount":33,"severity":396},"setCacheTimeSetting (includes\\Api\\Callbacks\\AdminCallbacks.php:178)",{"nodes":382,"edges":394},[383,388],{"id":384,"type":385,"label":386,"file":243,"line":387},"n0","source","$_POST",184,{"id":389,"type":390,"label":391,"file":243,"line":392,"wp_function":393},"n1","sink","update_option() [Settings Manipulation]",185,"update_option",[395],{"from":384,"to":389,"sanitized":219},"low",{"entryPoint":398,"graph":399,"unsanitizedCount":33,"severity":396},"storeGoogleMapsApiKey (includes\\Api\\Callbacks\\AdminCallbacks.php:190)",{"nodes":400,"edges":405},[401,403],{"id":384,"type":385,"label":386,"file":243,"line":402},195,{"id":389,"type":390,"label":391,"file":243,"line":404,"wp_function":393},196,[406],{"from":384,"to":389,"sanitized":219},{"entryPoint":408,"graph":409,"unsanitizedCount":416,"severity":396},"\u003CAdminCallbacks> (includes\\Api\\Callbacks\\AdminCallbacks.php:0)",{"nodes":410,"edges":414},[411,413],{"id":384,"type":385,"label":412,"file":243,"line":387},"$_POST (x2)",{"id":389,"type":390,"label":391,"file":243,"line":392,"wp_function":393},[415],{"from":384,"to":389,"sanitized":219},2,{"summary":418,"deductions":419},"The \"booking-system-edoobox\" plugin version 3.4.1 exhibits a concerning security posture due to a significant number of unprotected AJAX entry points. While the static analysis did not reveal overtly dangerous functions or critical taint flows, the lack of authentication checks on all five identified AJAX handlers presents a substantial attack surface. This means an unauthenticated attacker could potentially interact with these endpoints, leading to unintended actions if the plugin's internal logic is not robustly designed.\n\nThe code analysis also indicates a low percentage of properly escaped output (20%), which could open the door to cross-site scripting (XSS) vulnerabilities if user-supplied data is directly reflected in the output without sufficient sanitization. The presence of file operations and external HTTP requests, while not inherently dangerous, increases the potential impact if an attacker can influence their behavior.\n\nNotably, the plugin has a clean vulnerability history with zero recorded CVEs. This suggests that, historically, the developers may have had good security practices or that the plugin hasn't been a primary target for exploit development. However, the current static analysis findings, particularly the unprotected AJAX handlers and poor output escaping, highlight immediate areas of concern that outweigh the positive history. The plugin's strengths lie in its relatively low complexity in terms of static code signals like dangerous functions and SQL queries, but the identified entry points are a significant weakness.",[420,422,424,426],{"reason":421,"points":191},"5 AJAX handlers without authentication checks",{"reason":423,"points":14},"Only 20% of outputs properly escaped",{"reason":425,"points":48},"3 unsanitized taint flows (paths)",{"reason":427,"points":236},"0 capability checks on entry points","2026-03-16T20:27:58.169Z",{"wat":430,"direct":441},{"assetPaths":431,"generatorPatterns":435,"scriptPaths":436,"versionParams":437},[432,433,434],"\u002Fwp-content\u002Fplugins\u002Fbooking-system-edoobox\u002Fjs\u002Flibraries\u002Fmoment\u002Fmoment.min.all.js","\u002Fwp-content\u002Fplugins\u002Fbooking-system-edoobox\u002Fjs\u002Fdist\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fbooking-system-edoobox\u002Fcss\u002Fedoobox-backend.css",[],[432,433],[438,439,440],"booking-system-edoobox\u002Fjs\u002Flibraries\u002Fmoment\u002Fmoment.min.all.js?ver=","booking-system-edoobox\u002Fjs\u002Fdist\u002Fadmin.js?ver=","booking-system-edoobox\u002Fcss\u002Fedoobox-backend.css?ver=",{"cssClasses":442,"htmlComments":443,"htmlAttributes":444,"restEndpoints":446,"jsGlobals":448,"shortcodeOutput":450},[],[],[445],"data-edoobox-language",[447],"\u002Fwp-json\u002Fedoobox",[449],"ajax_object",[451],"[edoobox_booking]"]